[GovWayCore]

La negoziazione di un token in modalità 'SignedJWT' utilizzando un keystore di tipo 'JWK Set' falliva con il seguente errore: "Errore avvenuto durante la consegna HTTP: (Errore di Connessione) JWT Signature keystore password undefined".

ChangeLog

@@ -1,3 +1,10 @@
+2022-12-09  Andrea Poli <[email protected]>
+
+	* [GovWayCore]
+	Risolto Bug OP-1517
+	La negoziazione di un token in modalità 'SignedJWT' utilizzando un keystore di tipo 'JWK Set' falliva con il seguente errore: 
+	"Errore avvenuto durante la consegna HTTP: (Errore di Connessione) JWT Signature keystore password undefined".
+
 2022-12-09  Andrea Poli <[email protected]>
 
 	* [GovWayCore, Utils]

core/src/org/openspcoop2/message/utils/ServletTestService.java

@@ -778,6 +778,100 @@ public void doEngine(HttpServletRequest req, HttpServletResponse res, boolean on
 			}
 
 
+			// x-www-form-urlencoded
+			boolean echoFormUrlEncoded = false;
+			StringBuilder sbEchoFormUrlEncoded = new StringBuilder();
+			String contentTypeEchoFormUrlEncoded = null;
+			String _form_urlencoded = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncoded");
+			if(_form_urlencoded!=null && _form_urlencoded.equalsIgnoreCase("true")){
+				if(req.getContentType()!=null && ContentTypeUtilities.isMatch(HttpConstants.CONTENT_TYPE_X_WWW_FORM_URLENCODED, req.getContentType())) {
+					Enumeration<String> en = req.getParameterNames();
+					if(en!=null) {
+
+						String tmp = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncodedPrefix");
+						String prefix = null;
+						if(tmp!=null && !"".equals(tmp)) {
+							prefix = tmp;
+						}
+
+						String wrapKep="";
+						tmp = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncodedWrapKey");
+						if(tmp!=null && !"".equals(tmp)) {
+							wrapKep = tmp;
+						}
+
+						String wrapValue="";
+						tmp = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncodedWrapValue");
+						if(tmp!=null && !"".equals(tmp)) {
+							wrapValue = tmp;
+						}
+
+						String separatorKeyValue="=";
+						tmp = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncodedSeparatorKeyValue");
+						if(tmp!=null && !"".equals(tmp)) {
+							separatorKeyValue = tmp;
+						}
+
+						String separator="&";
+						tmp = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncodedSeparator");
+						if(tmp!=null && !"".equals(tmp)) {
+							separator = tmp;
+						}
+
+						while (en.hasMoreElements()) {
+							String key = (String) en.nextElement();
+							if(key!=null && !key.startsWith("replyFormUrlEncoded")) {
+
+								tmp = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncoded_ignoreParam_"+key);
+								if("true".equals(tmp)) {
+									continue;
+								}
+
+								String value = req.getParameter(key);
+								if(value!=null) {
+
+									tmp = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncoded_renameParam_"+key);
+									if(tmp!=null && !"".equals(tmp)) {
+										key=tmp;
+									}
+
+									if(sbEchoFormUrlEncoded.length()>0) {
+										sbEchoFormUrlEncoded.append(separator);
+									}
+									else {
+										if(prefix!=null) {
+											sbEchoFormUrlEncoded.append(prefix);
+										}
+									}
+									sbEchoFormUrlEncoded.append(wrapKep);
+									sbEchoFormUrlEncoded.append(key);
+									sbEchoFormUrlEncoded.append(wrapKep);
+									sbEchoFormUrlEncoded.append(separatorKeyValue);
+									sbEchoFormUrlEncoded.append(wrapValue);
+									sbEchoFormUrlEncoded.append(value);
+									sbEchoFormUrlEncoded.append(wrapValue);
+								}
+							}
+						}
+
+						tmp = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncodedSuffix");
+						if(tmp!=null && !"".equals(tmp)) {
+							sbEchoFormUrlEncoded.append(tmp);
+						}
+
+						echoFormUrlEncoded = sbEchoFormUrlEncoded.length()>0;
+						if(echoFormUrlEncoded) {
+							contentTypeEchoFormUrlEncoded = req.getContentType();
+							tmp = getParameter_checkWhiteList(req, this.whitePropertiesList, "replyFormUrlEncodedContentType");
+							if(tmp!=null && !"".equals(tmp)) {
+								contentTypeEchoFormUrlEncoded = tmp;
+							}
+
+						}
+					}
+				}
+			}
+
 
 
 			// opzioni tunnel SOAP
@@ -1290,6 +1384,30 @@ else if(problemDetailSerialization!=null) {
 				 res.getOutputStream().flush();
 				 res.getOutputStream().close();
 			}
+			else if(echoFormUrlEncoded) {
+
+				if(headers!=null && !headers.isEmpty()) {
+	            	Iterator<String> itHdr = headers.keySet().iterator();
+	            	while (itHdr.hasNext()) {
+						String returnHeaderKey = (String) itHdr.next();
+						List<String> returnHeaderValue = headers.get(returnHeaderKey);
+						if(returnHeaderValue!=null && !returnHeaderValue.isEmpty()) {
+							for (String value : returnHeaderValue) {
+								res.addHeader(returnHeaderKey, value);	
+							}
+						}
+					}
+	            }
+
+				res.setContentType(contentTypeEchoFormUrlEncoded);
+
+				res.setStatus(returnCode);
+
+				res.getOutputStream().write(sbEchoFormUrlEncoded.toString().getBytes());
+				res.getOutputStream().flush();
+				res.getOutputStream().close();
+
+			}
 			else{
 
 				if(oneway){

core/src/org/openspcoop2/pdd/core/connettori/ConnettoreBase.java

@@ -628,10 +628,20 @@ else if(org.openspcoop2.pdd.core.token.Costanti.POLICY_TOKEN_FORWARD_TRASPARENTE
 					throw new Exception(esitoNegoziazione.getDetails(),esitoNegoziazione.getEccezioneProcessamento());
 				}
 				if(esitoNegoziazione.isInCache()) {
-					this.logger.debug("Presente in cache access_token '"+esitoNegoziazione.getToken()+"'; expire in ("+sdf.format(esitoNegoziazione.getInformazioniNegoziazioneToken().getExpiresIn())+")");
+					if(esitoNegoziazione.getInformazioniNegoziazioneToken().getExpiresIn()!=null) {
+						this.logger.debug("Presente in cache access_token '"+esitoNegoziazione.getToken()+"'; expire in ("+sdf.format(esitoNegoziazione.getInformazioniNegoziazioneToken().getExpiresIn())+")");
+					}
+					else {
+						this.logger.debug("Presente in cache access_token '"+esitoNegoziazione.getToken()+"'; no expire");
+					}
 				}
 				else {
-					this.logger.debug("Recuperato access_token '"+esitoNegoziazione.getToken()+"'; expire in ("+sdf.format(esitoNegoziazione.getInformazioniNegoziazioneToken().getExpiresIn())+")");
+					if(esitoNegoziazione.getInformazioniNegoziazioneToken().getExpiresIn()!=null) {
+						this.logger.debug("Recuperato access_token '"+esitoNegoziazione.getToken()+"'; expire in ("+sdf.format(esitoNegoziazione.getInformazioniNegoziazioneToken().getExpiresIn())+")");
+					}
+					else {
+						this.logger.debug("Recuperato access_token '"+esitoNegoziazione.getToken()+"'; no expire");
+					}
 				}
 
 				if(n.getValue()!=null) {

core/src/org/openspcoop2/pdd/core/token/GestoreToken.java

@@ -3874,7 +3874,7 @@ private static String signJwt(PolicyNegoziazioneToken policyNegoziazioneToken, S
 					throw new Exception("JWT Signature keystore file undefined");
 				}
 				String keystorePassword = policyNegoziazioneToken.getJwtSignKeystorePassword();
-				if(keystorePassword==null) {
+				if(keystorePassword==null && !"jwk".equalsIgnoreCase(keystoreType)) {
 					throw new Exception("JWT Signature keystore password undefined");
 				}
 				keyAlias = policyNegoziazioneToken.getJwtSignKeyAlias();
@@ -4951,7 +4951,7 @@ private static String signAAJwt(PolicyAttributeAuthority policyAttributeAuthorit
 			throw new Exception("JWT Signature keystore file undefined");
 		}
 		String keystorePassword = policyAttributeAuthority.getRequestJwtSignKeystorePassword();
-		if(keystorePassword==null) {
+		if(keystorePassword==null && !"jwk".equalsIgnoreCase(keystoreType)) {
 			throw new Exception("JWT Signature keystore password undefined");
 		}
 		String keyAlias = policyAttributeAuthority.getRequestJwtSignKeyAlias();

core/src/org/openspcoop2/pdd/core/token/TokenUtilities.java

@@ -431,7 +431,7 @@ public static KeystoreParams getSignedJwtKeystoreParams(PolicyNegoziazioneToken
 			throw new Exception("JWT Signature keystore file undefined");
 		}
 		String keystorePassword = policy.getJwtSignKeystorePassword();
-		if(keystorePassword==null) {
+		if(keystorePassword==null && !"jwk".equalsIgnoreCase(keystoreType)) {
 			throw new Exception("JWT Signature keystore password undefined");
 		}
 		String keyAlias = policy.getJwtSignKeyAlias();

protocolli/trasparente/testsuite/karate/RUN.README

@@ -218,6 +218,9 @@
 
 - Creare la cartella /tmp/govway-testsuite dove l'application server deve avere i permessi di scrittura
 
+- Copiare i certificati 'jwk' definiti nel file jwks/JWKs.README in /etc/govway/keys:
+  cp jwks/testJWKprivate.jwk /etc/govway/keys/
+  cp jwks/testJWKpublic.jwk /etc/govway/keys/
 
 Per eseguire i test:
 	ant run_test

protocolli/trasparente/testsuite/karate/jwks/JWKs.README

@@ -0,0 +1,17 @@
+Generazione delle chiavi di test utilizzate poi nelle configurazioni:
+
+openssl genrsa -passout pass:123456 -out testJWKrsaprivkey.pem 2048
+openssl rsa -in testJWKrsaprivkey.pem -pubout -outform DER -out testJWKrsapubkey.der
+openssl rsa -in testJWKrsaprivkey.pem -pubout -outform PEM -out testJWKrsapubkey.pem
+openssl pkcs8 -topk8 -inform PEM -outform DER -in testJWKrsaprivkey.pem -out testJWKrsaprivkey.der -nocrypt
+
+Dalle chiave pubbliche e private sopra, è possibile generare i corrispettivi jwks utilizzando il convertitore online in https://8gwifi.org/jwkconvertfunctions.jsp
+Attenzione che il json ottenuto non è all'interno di una struttura keys e quindi va inserito all'interno:
+     {"keys":[ JSON_OTTENUTO ]} 
+
+In alternativa è possibile utilizzare i comandi seguenti:
+
+java -classpath openspcoop2_utils_BUILD-90e36977.jar:lib/security/*:lib/cxf/*:lib/jackson/*:lib/swagger/* org.openspcoop2.utils.certificate.JWKPublicKeyConverter testJWKrsapubkey.der testJWKpublic.jwk true false
+
+java -classpath openspcoop2_utils_BUILD-90e36977.jar:lib/security/*:lib/cxf/*:lib/jackson/*:lib/swagger/* org.openspcoop2.utils.certificate.JWKPrivateKeyConverter testJWKrsapubkey.der testJWKrsaprivkey.der testJWKprivate.jwk true false 
+

protocolli/trasparente/testsuite/karate/jwks/testJWKprivate.jwk

@@ -0,0 +1 @@
+{"keys":[{"p":"60kazg7hflRrvf4B4M4-j_Kqs0CKFucwF5bTEblnAylSSV8IUIp3CCKev67VmB6vGqdfTe2jMPKlksVVjCz6BWL5uLiqdzT_v9Ok9HuV3SwwvcR7bNSqPAfrZ1Gzbz9KPH80ylkdHKy0L3AyB3nK2t0lB9Z8QBerYi_TZ7ZsR90","kty":"RSA","q":"yTUJ6j9iFfSPg8U6LW-e3z1bRIi94TwNYvgWoObzWtyqPJVm7xgSOaMjbSnHzr5N-WfI1Rn0yLs2XXH0Ix1Zn7focgBM799yZl4LLCCxBp-GcvKV8F0fJA7GCw4861s6_fbPclQ89eD8pLolv0j-aVuK60nOQPfpeTza2Kdl_w8","d":"BH9wGsYjCwTKm-mX1WYdJAUgGVmuv8iC7CoMWpo4aNFfxEzFNWJ5DUavjgSCSC_mvTCyeXOIA-0zUJuCVH7vomQvKzhYBmplSUWLdUCYDgZYAYIUpZ-JzmSKNViwzLxxdJohJKijN0xTEJBBHoz7VYQ_4aRfGfHXpNexruzRP00TFphc68zCKM7O2s3izeptJ4Ml6hcLvLYbdcrhlQJK3jZAPIx14McYjneYkMYNYNfnayL5N-z4nbt2j9dB9VAXZyXlHwvaNLeY4nRTykOgH8eVk4RXFti-DMTpz2AAV0wH1X3RcIcWsdo5bTbtssfRryfgG4tmFZYexK9pIddF0Q","e":"AQAB","kid":"de606068-01cb-49a5-824d-fb171b5d5ae4","qi":"zcKGBxHTAbf4CppYf1L6DD2K8u5ri-shi9alVawOAQIcYA_wFewrDv8w6ohvPLbclGmoRCAy6uWr28U8ean2KO9gl3QKx0YNArdbqtl6bxl6FWB6CLQ0uwaMgDlJ2qJ6RB8N37LS7JLIOvCKHfZxg8HvGNh7du0ENGY-fWlt8Os","dp":"P7MQFb-Dnx8d-FcfjQxpdbFeM5-Cg0beB1TnGgJW-E0koQagiqWiKkqtLfoYi9Gq2I19yOxQZT0cRIs2aPf4TKMKNs-QHyvzHa0gGKyo2zNOkuHyBHnjCNOgEN3WtYSuBYju8uWDczLyqXE3qjx4Bh8fGmsgQn3mAXQvSQHjeOU","dq":"CP4O2GJGzvZkJ5578CXp8s46MwDtg5B8hKzTzhMkUy5DiXuf4xWvUtYgsjNI08ubjob96dBEKWh8kIaUQ7F_HO1KPTYYOixBX6PaWfmID-S3TJHc86YlyyXB4iKbxGUKaOlL8i8jnlWU1QPgxgDMJgdKWSOuTScHTzzSBxbMLy8","n":"uO0lSzNdA4G084FnllC1gIZIWPBG5oGPC2XnsWWpw0Hw2dzo5e5nYzXGS9CChVRN6CPrybeksNuVAg8_RzCF1ZJmDCCkQeocNmrB0HhXJVLgLU3Bo4XZw_2G4zxo8RpemhyL2b3PzxplpKsmrIDI1TaCEgcvlsvmF6muMTmF9hnboGyXkapbrvVrxzU_WqZb580FzAFGyzSDNvUpIhl21k6An21jzwTQUS-M8hbXbbyO7SwMXlltbP0R1KYozBnxbfZyLlzIfw3ekuLqvjsRT68Ohej9WE3bCBKLJ2Bon7gpCgk0YaHlvGm6Dsa9E_kzWqoMurYMTPbhqCHbER5Y8w"}]}

protocolli/trasparente/testsuite/karate/jwks/testJWKpublic.jwk

@@ -0,0 +1 @@
+{"keys":[{"kty":"RSA","e":"AQAB","kid":"c98fda52-9a37-41c0-8696-65e5022e9e44","n":"uO0lSzNdA4G084FnllC1gIZIWPBG5oGPC2XnsWWpw0Hw2dzo5e5nYzXGS9CChVRN6CPrybeksNuVAg8_RzCF1ZJmDCCkQeocNmrB0HhXJVLgLU3Bo4XZw_2G4zxo8RpemhyL2b3PzxplpKsmrIDI1TaCEgcvlsvmF6muMTmF9hnboGyXkapbrvVrxzU_WqZb580FzAFGyzSDNvUpIhl21k6An21jzwTQUS-M8hbXbbyO7SwMXlltbP0R1KYozBnxbfZyLlzIfw3ekuLqvjsRT68Ohej9WE3bCBKLJ2Bon7gpCgk0YaHlvGm6Dsa9E_kzWqoMurYMTPbhqCHbER5Y8w"}]}

protocolli/trasparente/testsuite/karate/jwks/testJWKrsaprivkey.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAuO0lSzNdA4G084FnllC1gIZIWPBG5oGPC2XnsWWpw0Hw2dzo
+5e5nYzXGS9CChVRN6CPrybeksNuVAg8/RzCF1ZJmDCCkQeocNmrB0HhXJVLgLU3B
+o4XZw/2G4zxo8RpemhyL2b3PzxplpKsmrIDI1TaCEgcvlsvmF6muMTmF9hnboGyX
+kapbrvVrxzU/WqZb580FzAFGyzSDNvUpIhl21k6An21jzwTQUS+M8hbXbbyO7SwM
+XlltbP0R1KYozBnxbfZyLlzIfw3ekuLqvjsRT68Ohej9WE3bCBKLJ2Bon7gpCgk0
+YaHlvGm6Dsa9E/kzWqoMurYMTPbhqCHbER5Y8wIDAQABAoIBAAR/cBrGIwsEypvp
+l9VmHSQFIBlZrr/IguwqDFqaOGjRX8RMxTVieQ1Gr44Egkgv5r0wsnlziAPtM1Cb
+glR+76JkLys4WAZqZUlFi3VAmA4GWAGCFKWfic5kijVYsMy8cXSaISSoozdMUxCQ
+QR6M+1WEP+GkXxnx16TXsa7s0T9NExaYXOvMwijOztrN4s3qbSeDJeoXC7y2G3XK
+4ZUCSt42QDyMdeDHGI53mJDGDWDX52si+Tfs+J27do/XQfVQF2cl5R8L2jS3mOJ0
+U8pDoB/HlZOEVxbYvgzE6c9gAFdMB9V90XCHFrHaOW027bLH0a8n4BuLZhWWHsSv
+aSHXRdECgYEA60kazg7hflRrvf4B4M4+j/Kqs0CKFucwF5bTEblnAylSSV8IUIp3
+CCKev67VmB6vGqdfTe2jMPKlksVVjCz6BWL5uLiqdzT/v9Ok9HuV3SwwvcR7bNSq
+PAfrZ1Gzbz9KPH80ylkdHKy0L3AyB3nK2t0lB9Z8QBerYi/TZ7ZsR90CgYEAyTUJ
+6j9iFfSPg8U6LW+e3z1bRIi94TwNYvgWoObzWtyqPJVm7xgSOaMjbSnHzr5N+WfI
+1Rn0yLs2XXH0Ix1Zn7focgBM799yZl4LLCCxBp+GcvKV8F0fJA7GCw4861s6/fbP
+clQ89eD8pLolv0j+aVuK60nOQPfpeTza2Kdl/w8CgYA/sxAVv4OfHx34Vx+NDGl1
+sV4zn4KDRt4HVOcaAlb4TSShBqCKpaIqSq0t+hiL0arYjX3I7FBlPRxEizZo9/hM
+owo2z5AfK/MdrSAYrKjbM06S4fIEeeMI06AQ3da1hK4FiO7y5YNzMvKpcTeqPHgG
+Hx8aayBCfeYBdC9JAeN45QKBgAj+DthiRs72ZCeee/Al6fLOOjMA7YOQfISs084T
+JFMuQ4l7n+MVr1LWILIzSNPLm46G/enQRClofJCGlEOxfxztSj02GDosQV+j2ln5
+iA/kt0yR3POmJcslweIim8RlCmjpS/IvI55VlNUD4MYAzCYHSlkjrk0nB0880gcW
+zC8vAoGBAM3ChgcR0wG3+AqaWH9S+gw9ivLua4vrIYvWpVWsDgECHGAP8BXsKw7/
+MOqIbzy23JRpqEQgMurlq9vFPHmp9ijvYJd0CsdGDQK3W6rZem8ZehVgegi0NLsG
+jIA5SdqiekQfDd+y0uySyDrwih32cYPB7xjYe3btBDRmPn1pbfDr
+-----END RSA PRIVATE KEY-----

protocolli/trasparente/testsuite/karate/jwks/testJWKrsapubkey.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO0lSzNdA4G084FnllC1
+gIZIWPBG5oGPC2XnsWWpw0Hw2dzo5e5nYzXGS9CChVRN6CPrybeksNuVAg8/RzCF
+1ZJmDCCkQeocNmrB0HhXJVLgLU3Bo4XZw/2G4zxo8RpemhyL2b3PzxplpKsmrIDI
+1TaCEgcvlsvmF6muMTmF9hnboGyXkapbrvVrxzU/WqZb580FzAFGyzSDNvUpIhl2
+1k6An21jzwTQUS+M8hbXbbyO7SwMXlltbP0R1KYozBnxbfZyLlzIfw3ekuLqvjsR
+T68Ohej9WE3bCBKLJ2Bon7gpCgk0YaHlvGm6Dsa9E/kzWqoMurYMTPbhqCHbER5Y
+8wIDAQAB
+-----END PUBLIC KEY-----

protocolli/trasparente/testsuite/karate/src/org/openspcoop2/core/protocolli/trasparente/testsuite/token/negoziazione/NegoziazioneJWKsTest.java

@@ -0,0 +1,94 @@
+/*
+ * GovWay - A customizable API Gateway 
+ * https://govway.org
+ * 
+ * Copyright (c) 2005-2022 Link.it srl (https://link.it). 
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3, as published by
+ * the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package org.openspcoop2.core.protocolli.trasparente.testsuite.token.negoziazione;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Test;
+import org.openspcoop2.core.protocolli.trasparente.testsuite.Bodies;
+import org.openspcoop2.core.protocolli.trasparente.testsuite.ConfigLoader;
+import org.openspcoop2.utils.transport.http.HttpConstants;
+import org.openspcoop2.utils.transport.http.HttpRequest;
+import org.openspcoop2.utils.transport.http.HttpRequestMethod;
+import org.openspcoop2.utils.transport.http.HttpResponse;
+import org.openspcoop2.utils.transport.http.HttpUtilities;
+import org.slf4j.Logger;
+
+/**
+* NegoziazioneJWKsTest
+*
+* @author Francesco Scarlato ([email protected])
+* @author $Author$
+* @version $Rev$, $Date$
+*/
+public class NegoziazioneJWKsTest extends ConfigLoader {
+
+
+	@Test
+	public void jwk() throws Exception {
+
+		_test(logCore, "test");
+
+	}
+
+
+
+
+
+	protected static HttpResponse _test(Logger logCore, String operazione) throws Exception {
+
+		String contentType = HttpConstants.CONTENT_TYPE_JSON;
+		byte[]content = Bodies.getJson(Bodies.SMALL_SIZE).getBytes();
+
+		String url = System.getProperty("govway_base_path") + "/out/SoggettoInternoTestFruitore/SoggettoInternoTest/TestTramiteJWKs/v1/"+operazione;
+
+		HttpRequest request = new HttpRequest();
+
+		request.setReadTimeout(20000);
+		request.setMethod(HttpRequestMethod.POST);
+		request.setContentType(contentType);
+		request.setContent(content);
+		request.setUrl(url);
+
+		HttpResponse response = null;
+		try {
+			//System.out.println("INVOKE ["+request.getUrl()+"]");
+			response = HttpUtilities.httpInvoke(request);
+		}catch(Throwable t) {
+			throw t;
+		}
+
+		String idTransazione = response.getHeaderFirstValue("GovWay-Transaction-ID");
+		assertNotNull(idTransazione);
+
+		verifyOk(response, 200, contentType); // è un flusso fruitore -> erogatore dove nell'erogatore viene verificato il token, è sufficiente il 200
+
+		return response;
+
+	}
+
+	public static void verifyOk(HttpResponse response, int code, String expectedContentType) {
+
+		assertEquals(code, response.getResultHTTPOperation());
+		assertEquals(expectedContentType, response.getContentType());
+
+	}
+}

resources/doc/src/releaseNotes/3.3.9/bug_p3.rst

@@ -7,6 +7,8 @@ Sono stati risolti i seguenti bug:
 
 - con interfacce OpenAPI complesse di grandi dimensioni la validazione dei contenuti utilizzando la libreria "swagger-request-validator" impiegava diversi secondi ad inizializzare lo schema, anche per richieste successive alla prima dove le informazioni vengono salvate in cache;
 
+- la negoziazione di un token in modalità 'SignedJWT' utilizzando un keystore di tipo 'JWK Set' falliva con il seguente errore: "Errore avvenuto durante la consegna HTTP: (Errore di Connessione) JWT Signature keystore password undefined";
+
 - sono state risolte le seguenti vulnerabilità relative ai jar di terza parte:
 
 	- CVE-2021-37533: aggiornata libreria 'commons-net' alla versione 3.9.0;